System and method for regulating data traffic in a network

ABSTRACT

A method and system for regulating the flow of data packets in a data switching network environment is provided. The network comprises at least one virtual local area network (VLAN), at least one provider edge (PE), and a data switching system. The method comprises the steps of configuring flow policy criteria for data packets for each VLAN and regulating the flow of data packets between the VLAN and the data switching system according to the flow policy criteria. The system for regulating the flow of data packets comprises the means for performing the method steps given above. The method can also regulate the flow of data packets, by defining the flow policy criteria for each virtual forwarding instance (VFI) in the network.

BACKGROUND OF THE INVENTION

1. Field of Invention

This invention relates in general to data traffic regulation innetworks. More specifically, the invention relates to methods andsystems for data traffic regulation in a data switching environment suchas virtual private local area network systems.

2. Description of the Background Art

The need to transfer data such as work files, audio files, etc., hasincreased exponentially today. This has given rise to the concept ofconnecting customer edges such as computer workstations, data servers,etc., by local area network (LAN) and wide area network (WAN) andInternet, depending on the geographical distribution of the customeredges. Data transfer needs also gave rise to virtual LAN (VLAN), whereinthe data transfer takes place in the same manner as customer edges areconnected in a LAN, despite the geographical separation between them.VLAN is defined as a group of devices on different physical LAN segmentsthat can communicate with each other as if they were all on the samephysical LAN segment. Data transfer between customer edges present intwo different VLANs is possible with the help of data switchingenvironments, which enables data transfer at faster rates. Various VLANsare connected to a provider edge (PE) and various provider edges (PEs)are connected to a data switching system. In one of the networkingsolutions, various VLANs are connected to multiple provider edges (PEs).These PEs are interconnected with the help of a data switching system tocreate a single distributed VLAN, which appears as a single entity. Twodifferent provider edges are connected to each other virtually by one ormore virtual circuits (VCs) through which the data transfer takes placewith the help of the data switching system. Data switching systemprovides the infrastructure to enable the exchange of data betweenvarious VLANs, LANS, virtual private networks (VPN), and the like.Exemplary data switching systems include multi protocol label switchingsystem (MPLS) that enables data transfer in a data switchingenvironment, such as virtual private LAN systems (VPLS).

When a user wants to send any data packet to another user in the sameVLAN but at a geographically distributed site, the data packet transferin a data switching environment takes place in the following manner. Theuser in the VLAN sends the data packet to a provider edge connected toit. At the provider edge, the data packet is transferred to one or allthe active VCs connected to the provider edge. Each of these VCssubsequently sends the data packet through the data switching system toanother provider edge, to which the recipient customer edge isconnected. This provider edge then transfers the data to the recipientcustomer edge.

However, in this communication, the data packets can get replicated onall the active VCs before sending them to the data switching system.This results in the flooding of the data traffic, which may in turnhampers the smooth transfer of data and results in delays and loss indata transmission. It also disrupts the working of the data switchingsystem.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a data switching environment in a virtual local areanetwork system, in accordance with an exemplary embodiment of thepresent invention.

FIG. 2 illustrates a provider edge in the data switching environment, inaccordance with an exemplary embodiment of the present invention.

FIG. 3 depicts a system for regulating the flow of data packets, inaccordance with an exemplary embodiment of the present invention.

FIG. 4 is a flow chart depicting a method for regulating flow of datapackets in a network, in accordance with one embodiment of the presentinvention.

FIG. 5 is a flow chart depicting a method for regulating flow of datapackets in a network, in accordance with another embodiment of thepresent invention.

FIG. 6 is a suppression graph of a virtual local area network, inaccordance with an exemplary embodiment of the present invention

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

The invention provides a method, a system, and a computer programproduct for regulating flow of data packets in a data switching networksuch as a Virtual Private LAN system (VPLS) network. The data switchingnetwork includes one or more Virtual Local Area Networks (VLAN)connected through provider edges. Each VLAN includes one or morecustomer edge. The communication between VLANs associated with differentprovider edge takes place via a data switching system such as a multiprotocol label switching system (MPLS). The various embodiments of thepresent invention enable the regulation of network traffic through thedata switching system. The regulation is based on one or more flowpolicy criteria on a per VLAN/virtual Forwarding Instance (VFI) basis.The criteria could be the data packet flow rate associated with thedifferent types of data packets.

FIG. 1 illustrates a data switching environment in a virtual local areanetwork system, in accordance with an exemplary embodiment of thepresent invention. As shown in the figure, the data switchingenvironment includes plurality of virtual local area networks (VLAN)such as VLAN 102,104 and 106. VLAN 102 includes customer edges 115 and116, which are connected to a provider edge 110 through communicationchannels. Customer edges can be one of a personal computer, a dataserver, local area network (LAN) and the like. Different VLANs in thenetwork can have different number of customer edges. Every VLAN isconnected to a single provider edge. A single provider edge can beconnected to more than one VLAN. Provider edge 110 is connected to dataswitching system 108 through a communication channel. In an embodimentof the invention, data switching system 108 can be a multi protocollabel switching system (MPLS). Various provider edges in the network,such as provider edge 112 and 114, are also connected to data switchingsystem 108 through communication channels. The transfer of data packetsbetween the various customer edges takes place though virtual circuits(VCs). In one embodiment of the invention, a virtual circuit 120virtually connects provider edge 110 to provider edge 112 through dataswitching system 108. In an embodiment of the invention, data switchingsystem 108 and VLANs 102, 104, and 106 are part of a VPLS network.

When a user wants to send any data packet to another user present in thesame VLAN but at a geographically distributed site, the data packettransfer takes place in the following manner. In an exemplary embodimentof the invention, a user in VLAN 102 sends a data packet to provideredge 110. VLAN 102 can be connected to PE 110 via Ethernet, GigaEthernet and the like. Provider edge 110 then identifies the type ofdata packet and accordingly transfers the data packet to a recipientcustomer edge such as a customer edge 117. There are different types ofdata packets that can be transferred by data switching system 108, thedata packet can be one of unicast, multicast and broadcast. For example,in case of a multicast data packet, at provider edge 110, the datapacket is replicated and transferred to all the active VCs connected toprovider edge 110. Each of these VCs subsequently sends the data packetthrough data switching system 108 to provider edge 112 to which therecipient customer edge is connected. Provider edge 112 then transfersthe data to recipient customer edge 117 through VLAN 104. In anembodiment of the invention, VLAN 102 and 104 can be present in the sameVLAN but at geographically distributed sites. The replication can,however, lead to flooding of traffic at data switching system 108.

Every VLAN has a communication channel to connect to data switchingsystem 108, where the communication channel has a capacity to transferdata. The flooding of traffic can take place if the capacity issurpassed. The replication of the data packets on each active VC, andfurther transfer of the data packets by the VCs from the VLAN to dataswitching system 108, can lead to the flooding of data packets. Theproblem of flooding arises not only from the user side of the network,i.e., when the data is transferred from a user in a VLAN to dataswitching system 108, but also due to the data transfer from dataswitching system 108 to a VLAN. In order to protect data switchingsystem 108, there is a need to monitor and suppress the number ofpackets sent to data switching system 108. The various embodiments ofthe present invention are used to regulate the traffic of data packetsbased on various criteria such as the rate of data flow and the datatype.

FIG. 2 illustrates a provider edge in the data switching environment, inaccordance with an exemplary embodiment of the present invention. Asshown in the figure, exemplary provider edge 110 is connected to VLAN102 and data switching system 108. Provider edge 110 includes a localarea network line card (LAN LC) 202 connected to VLAN 102, a regulator204 connected to LC 202, and a plurality of VCs. LC 202 can include asupervisor (SP). Regulator 204 is connected to one or more line cards,for example, two LCs 206 and 208. Every LC has some active VCs situatedon it. For example, LC 206 has three active VCs 120, 122 and 124 whileLC 208 has two active VCs 212 and 214 situated on it. Each VC isconnected to data switching system 108. Regulator 204 regulates the flowof traffic to and from data switching system 108. LCs such as a Letocard and the like, along with the SP such as Encoded Address RecognitionLogic (EARL) help in the data packet transfer. In an embodiment of theinvention, each of LC 206 and 208 includes a data packet flow regulator220, which helps in regulating the data packet traffic in a network withthe help of regulator 204. The various functions of data packet flowregulator 220 are explained in detail in the description that follows.

In an exemplary embodiment of the invention, the data transfer takesplace in the following manner. A user in VLAN 102 sends a data packet toprovider edge 110. LAN LC 202 receives the data packet. Regulator 204identifies whether the data packets satisfy a flow policy criteriadefined for the VLAN. Regulator 204 can also update LC 202 regarding thedata traffic associated with VLAN 102. Regulator 204 includes variouscomponents, to monitor and regulate the data traffic. In case the flowpacket criteria is satisfied, the data packet is replicated andtransferred to the active VCs connected to it, for example VC 120, 122,and 124 on LC 206 and VCs 212 and 214 on LC 208. In case there is onlyone active VC, replication is not performed. Each of these VCssubsequently sends the data packet through regulator 204 to dataswitching system 108. Further, data switching system 108 transfers thedata to a recipient customer edge. The recipient customer edge canreside on another provider edge such as provider edge 112.

FIG. 3 depicts a regulator, in accordance with an exemplary embodimentof the present invention. Regulator 204 includes a data packetidentifier 302, a configuration module 304, a calculator 306 and datapacket flow regulator 220. In an embodiment of the invention, datapacket flow regulator 220 can reside in LC 206 and LC 208. In variousembodiments of the invention, regulator 204 and its elements can beimplemented as software, hardware, firmware and their combinationthereof.

Data packet identifier 302 identifies the type of the received datapacket. Configuration module 304 is used to configure the flow policycriteria for a particular type of data packet. In an embodiment of theinvention, the flow policy criteria can be varied with the data type. Inan embodiment of the invention, a user can configure the flow policycriteria for each type of data packet. In another embodiment of theinvention, the flow policy criteria can be pre-programmed. In anembodiment of the invention, configuration module 304 includes a commandline interface (CLI), wherein the appropriate commands for configuringthe flow policy criteria can be entered by the user.

In an embodiment of the invention, the flow policy criteria can be asuppression level for data packet flow rate from a specific VLAN, i.e.,defining a limit for data packet flow rate beyond which data packets arenot to be transmitted to the recipient customer edge. In an embodimentof the invention, the suppression level can be different for thedifferent data types. In another embodiment of the invention, a commonsuppression level can be defined for the various data types. In anotherembodiment of the invention, a common suppression level can be definedfor all the VLANs.

Calculator 306 calculates the value of a parameter associated with theconfigured flow policy criteria. In an embodiment of the invention,calculator 306 calculates the data packet flow rate. Further, thecalculated parameters by calculator 306 are conveyed to data packet flowregulator 220. In one embodiment of the invention, data packet flowregulator 220 can be a part of regulator 204. Further, details regardingthe calculation of data flow rate is described later in the description.

Subsequently, data packet flow regulator 220 determines whether the datapackets are to be transferred to data switching system 108 or not. Ifthe calculated value of the parameter satisfies the flow policycriteria, the data packets are allowed. If the calculated value does notsatisfy the flow policy criteria, the data packets are disallowed. Forexample, based on the data packet flow rate and the suppression level,the data packet flow is regulated by data packet flow regulator 220. Inone embodiment of the invention, the user can be informed about the flowrate of the data packets by using a user notification module. In anotherembodiment of the invention the user can be informed about the droppedpackets by using the user notification module.

Calculator 306 calculates the data packet flow rate to be sent to dataswitching system 108 based on the input VLAN data packet rate and thenumber of active VCs. In an embodiment of the invention, calculator 306can be a part of LC 206. In the case of multicast data packets, all theinput VLAN data packets are replicated on all the active VCs present inthe provider edge. Hence, the flow rate of the data packets sent to dataswitching system 108 is the result of the multiplication of the numberof input VLAN data packets and the number of active VCs. Calculator 306is pre-programmed to calculate the data packet flow rate according tothe following equation:R _(out) =R _(in) *N _(vcs)

-   -   R_(out)—Data packets output rate to the data switching system    -   R_(in)—Data packets input rate from VLAN    -   N_(vcs)—Total number of active VCs associated with the VLAN

In an embodiment of the invention, the suppression levels are configuredtaking into account the various types of data packets, i.e., defining alimit for a particular type of data packet flow rate beyond which thattype of data packet is not to be transmitted to the recipient customeredge. In addition, the suppression levels can also be configured basedon bytes rate, and packet rate. Each VLAN can be configured withseparate suppression control levels that are used to suppress differentdata packet types independently. In another embodiment of the invention,the user can enable or disable regulator 204 by using configurationmodule 304. Disabling regulator 204 results in the transfer of datawithout intervention from the regulator, i.e., the regulator does notcheck whether the flow policy criteria are satisfied.

FIG. 4 is a flow chart depicting a method for regulating the flow ofdata packets in a network, in accordance with one embodiment of thepresent invention. Regulator 204 allows the user to configure the datapacket flow policy at step 402. This includes defining the flow policyand associated criteria on a per VLAN basis, i.e. defining the flowpolicy criteria for each of the VLANs. In another embodiment of theinvention, the flow policy criteria can be defined on a per VFI basis.Once the flow policy is configured, regulator 204 regulates the datapacket flow according to the configured flow policy at step 404. If thedata packets satisfy the flow policy criteria, they are allowed.Otherwise, they are not allowed, thereby reducing the traffic on dataswitching system 108. In another embodiment of the invention, datatraffic from data switching system 108 to a customer edge on a VLAN isregulated based on the method described above. In an embodiment of theinvention, if the data packets do not satisfy the flow policy criteria,they are suppressed temporarily. The data packets are allowed as soon asthe data packets are able to satisfy the flow policy criteria. Inanother embodiment of the invention, data packets are dropped if they donot satisfy the flow policy criteria. In another embodiment of theinvention, regulator 204 also updates LC 206 and 208 regarding the datatraffic associated with each VLAN, for example VLAN 202.

FIG. 5 is a flow chart depicting a method for regulating the flow ofdata packets in a network, in accordance with another embodiment of thepresent invention wherein the data packet flow policy is based on alevel of suppression, i.e., the flow of the data packets is suppressedabove the suppression level. At step 502, a user specifies the type ofdata packets to be regulated. Further, the suppression levels areconfigured for the data packets to be regulated at step 504. The usercan configure the data packet flow policy with respect to the type ofdata packets and the suppression levels for each type of data packet. Atstep 506, regulator 204 identifies the data packet and the type of datapackets with the help of data packet identifier 302. Then, the datapacket flow rate is calculated at step 508 with the help of calculator306. Calculation of data packet flow rate is based on the number ofactive VCs. Once the data packet flow rate is calculated, the datapacket flow regulator 220 of checks at step 510 if the calculated datapacket flow rate is higher than the suppression level. If the datapacket flow rate is higher than the suppression level, data packet flowregulator 220 disallows the flow of data packets at step 514. If thedata packet flow rate is below the suppression level, data packet flowregulator 220 allows the flow of data packets at step 512. In anembodiment of the invention, LC 206 is updated regarding the trafficflow associated with the VLAN, i.e., whether the packets are allowed ornot. Further, in case the traffic flow is not allowed, the reason forthe same is conveyed to LC 206.

FIG. 6 is a suppression graph of a VLAN, in accordance with an exemplaryembodiment of the present invention. The graph is a plot of data packetcount (on Y-axis) vs. time (on X-axis). A dotted line 602 indicates theconfigured suppression level for the data packet flow. Calculator 306 ofregulator 204 calculates the flow of data packets for which thesuppression levels are configured for each VLAN. The calculation takesplace over a fixed interval of time, such as a one-second interval. Thelines show the calculated data packet flow rate with respect to time.During the interval, the data packet count is compared with theconfigured suppression level. Once the level is reached, further packetsare suppressed/dropped for the rest of the interval. For example, asshown in the graph, between the time cycle T1-T2, as soon as the datapacket count exceeds the suppression level, the data packets are nottransmitted to data switching system 108. This is depicted by a dottedline 604.

Embodiments of the present invention have the advantage that dataswitching networks such as the MPLS core network can be protected fromthe flooding of data traffic by suppressing data packets above the levelof suppression. The suppression level can be defined on a per VLAN/VFIbasis, i.e., there can be different suppression levels for differentVLANs. The various embodiments of the invention allow protection of thecore network from the flooding of data packets coming to and from thedata switching system.

Any suitable programming language can be used to implement the routinesof the present invention including C, C++, Java, assembly language, etc.Different programming techniques such as procedural or object orientedcan be employed. The routines can execute on a single processing deviceor multiple processors. Although the steps, operations, or computationsmay be presented in a specific order, this order may be changed indifferent embodiments. In some embodiments, multiple steps shownsequentially in this specification can be performed at the same time.The sequence of operations described herein can be interrupted,suspended, or otherwise controlled by another process, such as anoperating system, kernel, etc. The routines can operate in an operatingsystem environment or as stand-alone routines occupying all, or asubstantial part, of the system processing.

In the description herein for embodiments of the present invention,numerous specific details are provided, such as examples of componentsand/or methods, to provide a thorough understanding of embodiments ofthe present invention. One skilled in the relevant art will recognize,however, that an embodiment of the invention can be practiced withoutone or more of the specific details, or with other apparatus, systems,assemblies, methods, components, materials, parts, and/or the like. Inother instances, well-known structures, materials, or operations are notspecifically shown or described in detail to avoid obscuring aspects ofembodiments of the present invention.

Also in the description herein for embodiments of the present invention,a portion of the disclosure recited in the specification containsmaterial, which is subject to copyright protection. Computer programsource code, object code, instructions, text or other functionalinformation that is executable by a machine may be included in anappendix, tables, figures or in other forms. The copyright owner has noobjection to the facsimile reproduction of the specification as filed inthe Patent and Trademark Office. Otherwise all copyright rights arereserved.

A ‘computer’ for purposes of embodiments of the present invention mayinclude any processor-containing device, such as a mainframe computer,personal computer, laptop, notebook, microcomputer, server, personaldata manager or ‘PIM’ (also referred to as a personal informationmanager), smart cellular or other phone, so-called smart card, set-topbox, or any of the like. A ‘computer program’ may include any suitablelocally or remotely executable program or sequence of codedinstructions, which are to be inserted into a computer, well known tothose skilled in the art. Stated more specifically, a computer programincludes an organized list of instructions that, when executed, causesthe computer to behave in a predetermined manner. A computer programcontains a list of ingredients (called variables) and a list ofdirections (called statements) that tell the computer what to do withthe variables. The variables may represent numeric data, text, audio orgraphical images. If a computer is employed for synchronously presentingmultiple video program ID streams, such as on a display screen of thecomputer, the computer would have suitable instructions (e.g., sourcecode) for allowing a user to synchronously display multiple videoprogram ID streams in accordance with the embodiments of the presentinvention. Similarly, if a computer is employed for presenting othermedia via a suitable directly or indirectly coupled input/output (I/O)device, the computer would have suitable instructions for allowing auser to input or output (e.g., present) program code and/or datainformation respectively in accordance with the embodiments of thepresent invention.

A ‘computer readable medium’ for purposes of embodiments of the presentinvention may be any medium that can contain, store, communicate,propagate, or transport the computer program for use by or in connectionwith the instruction execution system apparatus, system or device. Thecomputer readable medium can be, by way of example only but not bylimitation, an electronic, magnetic, optical, electromagnetic, infrared,or semiconductor system, apparatus, system, device, or computer memory.The computer readable medium may have suitable instructions forsynchronously presenting multiple video program ID streams, such as on adisplay screen, or for providing for input or presenting in accordancewith various embodiments of the present invention.

Reference throughout this specification to “one embodiment”, “anembodiment”, or “a specific embodiment” means that a particular feature,structure, or characteristic described in connection with the embodimentis included in at least one embodiment of the present invention and notnecessarily in all embodiments. Thus, respective appearances of thephrases “in one embodiment”, “in an embodiment”, or “in a specificembodiment” in various places throughout this specification are notnecessarily referring to the same embodiment. Furthermore, theparticular features, structures, or characteristics of any specificembodiment of the present invention may be combined in any suitablemanner with one or more other embodiments. It is to be understood thatother variations and modifications of the embodiments of the presentinvention described and illustrated herein are possible in light of theteachings herein and are to be considered as part of the spirit andscope of the present invention.

Further, at least some of the components of an embodiment of theinvention may be implemented by using a programmed general-purposedigital computer, by using application specific integrated circuits,programmable logic devices, or field programmable gate arrays, or byusing a network of interconnected components and circuits. Connectionsmay be wired, wireless, by modem, and the like.

It will also be appreciated that one or more of the elements depicted inthe drawings/figures can also be implemented in a more separated orintegrated manner, or even removed or rendered as inoperable in certaincases, as is useful in accordance with a particular application.

Additionally, any signal arrows in the drawings/Figures should beconsidered only as exemplary, and not limiting, unless otherwisespecifically noted. Combinations of components or steps will also beconsidered as being noted, where terminology is foreseen as renderingthe ability to separate or combine is unclear.

As used in the description herein and throughout the claims that follow,“a”, “an”, and “the” includes plural references unless the contextclearly dictates otherwise. Also, as used in the description herein andthroughout the claims that follow, the meaning of “in” includes “in” and“on” unless the context clearly dictates otherwise.

The foregoing description of illustrated embodiments of the presentinvention, including what is described in the abstract, is not intendedto be exhaustive or to limit the invention to the precise formsdisclosed herein. While specific embodiments of, and examples for, theinvention are described herein for illustrative purposes only, variousequivalent modifications are possible within the spirit and scope of thepresent invention, as those skilled in the relevant art will recognizeand appreciate. As indicated, these modifications may be made to thepresent invention in light of the foregoing description of illustratedembodiments of the present invention and are to be included within thespirit and scope of the present invention. Thus, while the presentinvention has been described herein with reference to particularembodiments thereof, a latitude of modification, various changes andsubstitutions are intended in the foregoing disclosures, and it will beappreciated that in some instances some features of embodiments of theinvention will be employed without a corresponding use of other featureswithout departing from the scope and spirit of the invention as setforth. Therefore, many modifications may be made to adapt a particularsituation or material to the essential scope and spirit of the presentinvention. It is intended that the invention not be limited to theparticular terms used in following claims and/or to the particularembodiment disclosed as the best mode contemplated for carrying out thisinvention, but that the invention will include any and all embodimentsand equivalents falling within the scope of the appended claims.

1. A method for suppressing flow of data packets in a network, thenetwork comprising at least one virtual local area network (VLAN), atleast one provider edge (PE) having at least one active virtual circuit(VC), at least one virtual forwarding instance (VFI) and a multiprotocol label switching (MPLS) system, the method comprising:specifying various types of data packets that need to be regulated;identifying the type of data packets generated from and sent to eachVLAN; configuring a level of suppression for each type of data packetsgenerated from and sent to each VLAN; determining a number of activevirtual circuits (VCs) for the VLAN, wherein the number of active VCsvary dynamically; determining rate of flow of the identified types ofdata packets sent to the MPLS from the VLAN based on replication of theone or more input packets on the determined number of active VCs; andallowing the flow of data packets from the VLAN to the MPLS system, ifthe flow of data packets is below the level of suppression.
 2. Themethod of claim 1 further comprises reporting to a user the rate of flowof the identified types of data packets sent between VLAN and the dataswitching system.
 3. The method of claim 1, wherein the level ofsuppression is further configured on per VFI basis.
 4. A system forregulating flow of data packets in a network, wherein the networkcomprises at least one VLAN, at least one VFI, and a data switchingsystem, the system comprising: a data identifier for identifying thetype of data packet, wherein the type of data packet is at least one ofunicast, multicast and broadcast; a configuration module for configuringa data packet flow policy criteria for each VLAN; a calculator fordetermining the rate of flow of data packets sent between the VLAN andthe data switching system based on a number of active virtual circuits(VCs) for the VLAN, where in the number of active VCs vary dynamically,rate of the flow based on replication of packets on the determinednumber of active VCs; and a data packet flow regulator for regulatingthe packet flow associated with the VLAN according to policy criteria.5. The system of claim 4 further comprising a user notification moduleto inform the user the rate of flow of the data packets.
 6. The systemof claim 4 wherein the data switching system comprises a multi protocollabel switching (MPLS) system.
 7. The system of claim 4 wherein the datapacket flow policy criteria is configured for each VFI.
 8. A methodcomprising: receiving one or more input packets from a virtual localarea network (VLAN); determining a data suppression level for the VLAN;determining a number of active virtual circuits (VCs) for the VLAN,wherein the number of active VCs vary dynamically; determining a datapacket flow rate based on replication of the one or more input packetson the determined number of active VCs; determining if the data packetflow rate is higher than the data suppression level; and suppressingsending of at least a portion of the one or more input packets on theactive virtual circuits if the data packet flow rate is higher than thedata suppression level.
 9. The method of claim 8, wherein the active VCsare distributed on a plurality of line cards (LCs) and the suppressingis performed on the plurality of LCs.
 10. The method of claim 8, furthercomprising replicating the one or more input packets using the activeVCs if the data packet flow rate is lower than the data suppressionlevel.
 11. The method of claim 8, further comprising: determining a typeof input packet in the one or more input packets, wherein different datasuppression levels are applied to different types of input packets. 12.The method of claim 11, wherein suppressing comprises suppressing one ormore input packets based on the type of input packet.
 13. The method ofclaim 8, wherein the one or more input packets are received from auser-side of the VLAN and the suppression is for a data switching sideof the VLAN.
 14. An apparatus comprising: one or more processors; andlogic encoded in one or more computer readable mediums for execution bythe one or more processors and when executed operable to: receive one ormore input packets from a virtual local area network (VLAN); determine adata suppression level for the VLAN; determine a number of activevirtual circuits (VCs) for the VLAN, wherein the number of active VCsvary dynamically; determine a data packet flow rate based on replicationof the one or more input packets on the determined number of active VCs;determine if the data packet flow rate is higher than the datasuppression level; and suppress sending of at least a portion of the oneor more input packets on the active virtual circuits if the data packetflow rate is higher than the data suppression level.
 15. The apparatusof claim 14, wherein the active VCs are distributed on a plurality ofline cards (LCs) and the suppressing is performed on the plurality ofLCs.
 16. The apparatus of claim 14, wherein the logic when executed isfurther operable to replicate the one or more input packets using theactive VCs if the data packet flow rate is lower than the datasuppression level.
 17. The apparatus of claim 14, wherein the logic whenexecuted is further operable to determine a type of input packet in theone or more input packets, wherein different data suppression levels areapplied to different types of input packets.
 18. The apparatus of claim17, wherein logic operable to suppress comprises logic operable tosuppress one or more input packets based on the type of input packet.19. The apparatus of claim 14, wherein the one or more input packets arereceived from a user-side of the VLAN and the suppression is for a dataswitching side of the VLAN.